By ROBERT KURTZ for ASCA Focus Journal
For ASCs struggling to manage their information technology (IT) while maintaining cyber security and compliance, partnering with a managed services provider (MSP) might provide needed relief.
“MSPs are companies that will take part or all of your IT systems and services and manage them for you,” says Daniel O’Connor, vice president of client relations for Stoltenberg Consulting, a health care IT consulting firm based in Bethel Park, Pennsylvania. “We are seeing businesses like ASCs increasingly using a hybrid management solution for their IT. They may want to maintain a small footprint of people on site to quickly respond to IT needs, with the rest remotely managed by an MSP. This allows ASC management to focus on running the clinical and financial components of the business without having to worry about IT issues.”
Outsourcing IT to an MSP can provide security and cost savings, says Dan Marcellus, chief executive officer of SkyPort IT, a health care IT services provider based in Rochester, New York.
“For an ASC using 50–75 computers, a single IT employee would spend much of their time keeping systems updated and patched,” he says. “That does not leave much time for other critical IT issues, such as cyber security, data backup management, problems that can hinder productivity and IT infrastructure strategic planning.” For typically less than the cost of a full-time employee, an ASC can get access to a full team of experts and their tools to manage these and other tasks, he adds. “You also gain a support system to help keep your ASC running if your IT employee becomes unavailable.”
Take several factors into consideration when choosing an MSP, O’Connor says. “Look for an MSP experienced in health care and, preferably, in ASCs. You want a partner with experience supporting a facility like yours. Cost should be a driving factor, but not the overall driving factor in choosing an MSP. Finally, make sure the MSP is current with all reporting and regulatory issues.”
Marcellus recommends looking for an MSP with a strong grasp of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). “Many of the deficiencies that jeopardize HIPAA compliance are relatively easy fixes,” he says. “These can include implementing a group policy to prevent thumb drives from taking data off a computer, restricting Internet access and enabling password locking when staff walk away from a computer. An MSP knowledgeable in HIPAA will know how to find these vulnerabilities, address them and make sure they do not return.”
He says ASCs also should ensure the MSP is willing to sign a business associate contract, an agreement to meet the same HIPAA requirements as the ASC.
In addition to researching an MSP’s qualifications, O’Connor recommends interviewing the MSP employee who will manage your account. “Make sure you are comfortable working with them as if they were an employee of the ASC. This individual should fit your culture and understand how to meet the needs of your ASC.”
Throughout your partnership with an MSP, there should be a regular sharing of information about your ASC’s IT performance, O’Connor says. “During the implementation of an MSP’s services and the conversion of IT management to the MSP, request at least weekly status updates. This should become a daily update during the first week of the MSP assuming management responsibilities or at least until processes are stabilized.”
Monthly monitoring reports thereafter are critical, Marcellus says. “While these reports will vary based upon the MSP’s contracted services, reports may provide status updates on your ASC’s systems, applications, network and security. Discussing the results of each report with your MSP can help ensure you have a good understanding of your IT’s current and future performance and needs.”